Date: 5 Apr 2005 22:04:16 -0000
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #230
SecurityFocus Linux Newsletter #230
------------------------------------
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!
http://www.securityfocus.com/sponsor/Symantec_sf-news_041130
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Web Browser Forensics, Part 1
2. Defeating Honeypots: System Issues, Part 2
II. LINUX VULNERABILITY SUMMARY
1. Linux Kernel Bluetooth Signed Buffer Index Vulnerability
2. Multiple Vendor Telnet Client LINEMODE Sub-Options Remote Bu...
3. Multiple Vendor Telnet Client Env_opt_add Heap-Based Buffer ...
4. Midnight Commander Insert_Text Buffer Overflow Vulnerability
5. Linux Kernel EXT2 File System Information Leak Vulnerability
6. Sylpheed MIME-Encoded Attachment Name Buffer Overflow Vulner...
7. Linux Kernel Elf Binary Loading Local Denial of Service Vuln...
8. Mailreader Remote HTML Injection Vulnerability
9. YepYep MTFTPD Remote CWD Argument Format String Vulnerabilit...
10. Linux Kernel File Lock Local Denial Of Service Vulnerability
11. GDK-Pixbuf BMP Image Processing Double Free Remote Denial of...
12. PAFileDB ID Parameter Cross-Site Scripting Vulnerability
13. BZip2 CHMod File Permission Modification Race Condition Weak...
14. Linux Kernel Futex Local Deadlock Denial Of Service Vulnerab...
15. PHP Group PHP Image File Format Remote Denial Of Service Vul...
16. PHP Group PHP Remote JPEG File Format Remote Denial Of Servi...
17. BakBone NetVault Configure.CFG Local Buffer Overflow Vulnera...
18. BakBone NetVault Remote Heap Overflow Vulnerability
19. Linux Kernel TmpFS Driver Local Denial Of Service Vulnerabil...
III. LINUX FOCUS LIST SUMMARY
1. vsftp question (Thread)
2. Linux and DB2 (Thread)
3. Apache+PHP+ftp security (Thread)
4. Re[2]: Apache+PHP+ftp security (Thread)
5. OpenVPN? (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. CoreGuard Core Security System
2. EnCase Forensic Edition
3. KeyGhost SX
4. SafeKit
5. Astaro Linux Firewall
6. CAT Cellular Authentication Token and eAuthentication Servic...
V. NEW TOOLS FOR LINUX PLATFORMS
1. File System Saint 1.02a
2. Umbrella v0.5
3. Travesty 1.0
4. OCS 0.1
5. KSB - Kernel Socks Bouncer 2.6.10
6. DigSig 1.3.2
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Web Browser Forensics, Part 1
By Keith J. Jones and Rohyt Belani
This article provides a case study of digital forensics, and investigates
incriminating evidence using a user's web browser history.
http://www.securityfocus.com/infocus/1827
2. Defeating Honeypots: System Issues, Part 2
By Thorsten Holz and Frederic Raynal
Part two of this paper discusses how hackers discover, interact with, and
sometimes disable honeypots at the system level and the application layer.
http://www.securityfocus.com/infocus/1828
II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. Linux Kernel Bluetooth Signed Buffer Index Vulnerability
BugTraq ID: 12911
Remote: No
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12911
Summary:
A local signed buffer index vulnerability affects the Linux kernel.
This issue is due to a failure of the affected kernel to securely handle
signed values when validating memory indexes.
This issue may be leveraged by a local attacker to gain escalated
privileges on an affected computer.
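The summary above describes a signed buffer index check. The following C program is an added illustration of that bug class written for this newsletter; it is not the kernel's Bluetooth code, and the table, function names and probe values are constructed. It shows why an upper-bound-only comparison on a signed index lets negative values through, and the unsigned comparison that closes the gap.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define TABLE_SIZE 8

/* Constructed sample table standing in for any array that is indexed by a
 * value influenced by untrusted input. */
static int table[TABLE_SIZE] = {10, 11, 12, 13, 14, 15, 16, 17};

/* Weak validation: only the upper bound is checked.  Because idx is signed,
 * a negative value satisfies the comparison and the caller would then read
 * or write memory located before the start of the table. */
bool index_ok_weak(int idx)
{
    return idx < TABLE_SIZE;
}

/* Hardened validation: compare as unsigned.  A negative int converts to a
 * very large unsigned value and fails the single bound test; this is the
 * same as (idx >= 0 && idx < TABLE_SIZE) without a second branch. */
bool index_ok_safe(int idx)
{
    return (unsigned int)idx < (unsigned int)TABLE_SIZE;
}

/* Accessor that refuses out-of-range indexes instead of trusting them.
 * Returns 0 and stores the element on success, -1 on rejection. */
int table_get(int idx, int *out)
{
    if (!index_ok_safe(idx))
        return -1;
    *out = table[idx];
    return 0;
}

int main(void)
{
    /* Constructed probes: in range, one past the end, and two negatives. */
    const int probes[] = {0, 7, 8, -1, INT_MIN};
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        int v = 0;
        int rc = table_get(probes[i], &v);
        printf("idx=%11d weak=%s safe=%s get=%s\n", probes[i],
               index_ok_weak(probes[i]) ? "pass" : "fail",
               index_ok_safe(probes[i]) ? "pass" : "fail",
               rc == 0 ? "ok" : "rejected");
    }
    return 0;
}
```

Running it shows the weak check accepting -1 and INT_MIN while the unsigned comparison rejects both; the accessor never touches the table for a rejected index.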
2. Multiple Vendor Telnet Client LINEMODE Sub-Options Remote Bu...
BugTraq ID: 12918
Remote: Yes
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12918
Summary:
A remote buffer overflow vulnerability affects multiple vendors' Telnet
clients. This issue is due to a failure of the application to properly
validate the length of user-supplied strings prior to copying them into
static process buffers.
An attacker may exploit this issue to execute arbitrary code with the
privileges of the user that activated the vulnerable application. This
may facilitate unauthorized access or privilege escalation.
3. Multiple Vendor Telnet Client Env_opt_add Heap-Based Buffer ...
BugTraq ID: 12919
Remote: Yes
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12919
Summary:
Multiple vendors' Telnet client applications are reported prone to a
remote buffer overflow vulnerability. The vulnerability is reported to
exist in the 'env_opt_add()' function in the 'telnet.c' source file,
which is apparently common source for all of the affected vendors.
A remote attacker may exploit this vulnerability to execute arbitrary
code on some of the affected platforms in the context of a user that is
using the vulnerable Telnet client to connect to a malicious server.
4. Midnight Commander Insert_Text Buffer Overflow Vulnerability
BugTraq ID: 12928
Remote: No
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12928
Summary:
A buffer overflow vulnerability exists in Midnight Commander. The
vulnerability is caused by insufficient bounds checking of external data
supplied to the 'insert_text()' function.
This issue may allow local attackers to execute arbitrary code in the
context of another user.
5. Linux Kernel EXT2 File System Information Leak Vulnerability
BugTraq ID: 12932
Remote: No
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12932
Summary:
The Linux kernel EXT2 filesystem handling code is reported prone to a
local information leakage vulnerability.
This issue may be leveraged by a local attacker to gain access to
potentially sensitive kernel memory. Information gained in this way may
lead to further attacks against the affected computer.
6. Sylpheed MIME-Encoded Attachment Name Buffer Overflow Vulner...
BugTraq ID: 12934
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12934
Summary:
Sylpheed is prone to a buffer overflow when handling email attachments
with MIME-encoded file names.
Successful exploitation may allow arbitrary code execution in the
security context of the application.
7. Linux Kernel Elf Binary Loading Local Denial of Service Vuln...
BugTraq ID: 12935
Remote: No
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12935
Summary:
The Linux kernel is prone to a potential local denial of service
vulnerability.
The issue is reported to exist in the 'load_elf_library' function.
Linux kernel 2.6.11.5 and prior versions are affected by this issue.
8. Mailreader Remote HTML Injection Vulnerability
BugTraq ID: 12945
Remote: Yes
Date Published: Mar 30 2005
Relevant URL: http://www.securityfocus.com/bid/12945
Summary:
A remote HTML injection vulnerability affects Mailreader. This issue is
due to a failure of the application to properly sanitize user-supplied
input prior to including it in dynamically generated Web content.
An attacker may leverage this issue to have arbitrary script code
executed in the browser of an unsuspecting user. This may facilitate the
theft of cookie-based authentication credentials as well as other
attacks.
9. YepYep MTFTPD Remote CWD Argument Format String Vulnerabilit...
BugTraq ID: 12947
Remote: Yes
Date Published: Mar 30 2005
Relevant URL: http://www.securityfocus.com/bid/12947
Summary:
mtftpd is reported prone to a remote format string vulnerability.
Reports indicate that this issue may be exploited by a remote
authenticated attacker to execute arbitrary code in the context of the
vulnerable service.
This vulnerability is reported to affect mtftpd versions up to and
including version 0.0.3.
10. Linux Kernel File Lock Local Denial Of Service Vulnerability
BugTraq ID: 12949
Remote: No
Date Published: Mar 30 2005
Relevant URL: http://www.securityfocus.com/bid/12949
Summary:
A local denial of service vulnerability reportedly affects the Linux
kernel. This issue arises due to a failure of the kernel to properly
handle malicious, excessive file locks.
An attacker may leverage this issue to crash or hang the affected
kernel and deny service to legitimate users.
It should be noted that Symantec has been unable to reproduce this
issue after testing. It is possible that this vulnerability is linked to
the reporter's specific configuration. More information will be added
as it becomes available.
11. GDK-Pixbuf BMP Image Processing Double Free Remote Denial of...
BugTraq ID: 12950
Remote: Yes
Date Published: Mar 30 2005
Relevant URL: http://www.securityfocus.com/bid/12950
Summary:
The gdk-pixbuf library is reported prone to a denial of service
vulnerability. This issue arises due to a double free condition.
The vulnerability is reported to present itself when an application
linked against the library handles malformed Bitmap (.bmp) image files.
A successful attack may result in a denial of service condition. It is
not confirmed whether this vulnerability could be leveraged to execute
arbitrary code.
gdk-pixbuf 0.22.0 and gtk2 2.4.14 packages are known to be vulnerable
to this issue. It is likely that other versions are affected as well.
This BID will be updated when more information becomes available.
12. PAFileDB ID Parameter Cross-Site Scripting Vulnerability
BugTraq ID: 12952
Remote: Yes
Date Published: Mar 31 2005
Relevant URL: http://www.securityfocus.com/bid/12952
Summary:
paFileDB is reported prone to a cross-site scripting vulnerability.
The vulnerability presents itself when an attacker supplies malicious
HTML and script code through the 'id' parameter.
This may allow for theft of cookie-based authentication credentials or
other attacks.
paFileDB 3.1 and prior versions are affected by this vulnerability.
This issue may be related to BID 12788 (PAFileDB Multiple SQL Injection
And Cross-Site Scripting Vulnerabilities) and BID 12758 (PHP Arena
PAFileDB Multiple Remote Cross Site Scripting Vulnerabilities). This BID
will be retired or updated upon further analysis.
13. BZip2 CHMod File Permission Modification Race Condition Weak...
BugTraq ID: 12954
Remote: No
Date Published: Mar 31 2005
Relevant URL: http://www.securityfocus.com/bid/12954
Summary:
bzip2 is reported prone to a security weakness. The issue is only
present when an archive is extracted into a world- or group-writable
directory. It is reported that bzip2 employs non-atomic procedures to
write a file and later change the permissions on the newly extracted file.
A local attacker may leverage this issue to modify file permissions of
target files.
This weakness is reported to affect bzip2 version 1.0.2 and previous
versions.
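The bzip2 entry above describes a write-then-chmod sequence in a shared directory. The C program below is an added example for this newsletter, not bzip2's code: it places the weak pattern (create with the default mode, write, then chmod() by path) beside a hardened one (create with the final mode in a single open() using O_EXCL and O_NOFOLLOW, then fchmod() on the descriptor). Function names, the payload and the /tmp paths are constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern (illustrative, not bzip2's code): the file is created with
 * the process default mode, filled, and only then restricted with chmod().
 * Two problems: the content is readable under the default mode until the
 * chmod() runs, and chmod() resolves the path a second time, so the
 * permission change lands on whatever the path names at that moment rather
 * than on the file that was just written. */
int extract_weak(const char *path, const char *data, size_t len, mode_t mode)
{
    FILE *f = fopen(path, "wb");
    if (f == NULL)
        return -1;
    if (fwrite(data, 1, len, f) != len) {
        fclose(f);
        return -1;
    }
    if (fclose(f) != 0)
        return -1;
    return chmod(path, mode);   /* second path lookup: the race window */
}

/* Hardened pattern: create and restrict in one open() call.  O_EXCL refuses
 * a pre-existing file, O_NOFOLLOW refuses a symbolic link at the path, the
 * final mode is applied at creation, and fchmod() operates on the open
 * descriptor so no second path lookup occurs.  A partial file is removed
 * on failure. */
int extract_safe(const char *path, const char *data, size_t len, mode_t mode)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, mode);
    if (fd < 0)
        return -1;
    /* fchmod() overrides the umask so the file ends up with exactly `mode`. */
    if (fchmod(fd, mode) != 0 || write(fd, data, len) != (ssize_t)len) {
        close(fd);
        unlink(path);
        return -1;
    }
    return close(fd);
}

/* Permission bits (0777 mask) of an existing file, or -1 if stat() fails. */
int file_mode(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    return (int)(st.st_mode & 0777);
}

int main(void)
{
    /* Constructed demo: a short payload written into /tmp with mode 0600. */
    const char *payload = "extracted archive member\n";
    const char *weak_path = "/tmp/extract_demo_weak.txt";
    const char *safe_path = "/tmp/extract_demo_safe.txt";
    int rc;

    unlink(weak_path);
    unlink(safe_path);

    rc = extract_weak(weak_path, payload, strlen(payload), 0600);
    printf("weak: rc=%d mode=%04o\n", rc, file_mode(weak_path));

    rc = extract_safe(safe_path, payload, strlen(payload), 0600);
    printf("safe: rc=%d mode=%04o\n", rc, file_mode(safe_path));

    /* A second creation at the same path must be refused: O_EXCL never
     * reuses an existing file or follows a link placed there. */
    rc = extract_safe(safe_path, payload, strlen(payload), 0600);
    printf("safe again: rc=%d (expected -1)\n", rc);

    unlink(weak_path);
    unlink(safe_path);
    return 0;
}
```

Both variants end with the requested mode on a quiet system; the difference is that the hardened version never has a moment where the file exists with a wider mode, and never trusts the path after the file has been created.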
14. Linux Kernel Futex Local Deadlock Denial Of Service Vulnerab...
BugTraq ID: 12959
Remote: No
Date Published: Mar 31 2005
Relevant URL: http://www.securityfocus.com/bid/12959
Summary:
The Linux kernel futex functions are reported prone to a local denial
of service vulnerability. The issue is reported to manifest because
several unspecified futex functions perform 'get_user()' calls and at the
same time hold mmap_sem for reading purposes.
A local attacker may potentially leverage this issue to trigger a
kernel deadlock and potentially deny service for legitimate users.
This vulnerability is reported to exist in the 2.6 Linux kernel tree.
15. PHP Group PHP Image File Format Remote Denial Of Service Vul...
BugTraq ID: 12962
Remote: Yes
Date Published: Apr 01 2005
Relevant URL: http://www.securityfocus.com/bid/12962
Summary:
A remote denial of service vulnerability affects PHP Group PHP. This
issue is due to a failure of the application to properly handle
maliciously formed Image Format File (IFF) image files.
It should be noted that this vulnerability can only be exploited
remotely if a Web-based PHP application is deployed that allows
user-supplied images to be processed by the 'getimagesize()' function.
The 'getimagesize()' function is commonly used in PHP Web applications
that allow for the display of images.
An attacker may leverage this issue to cause the affected script
interpreter to consume excessive processing resources on an affected
computer, leading to a denial of service condition.
16. PHP Group PHP Remote JPEG File Format Remote Denial Of Servi...
BugTraq ID: 12963
Remote: Yes
Date Published: Apr 01 2005
Relevant URL: http://www.securityfocus.com/bid/12963
Summary:
A remote denial of service vulnerability affects PHP Group PHP. This
issue is due to a failure of the application to properly handle
maliciously crafted JPEG image files.
It should be noted that this vulnerability can only be exploited
remotely if a Web-based PHP application is deployed that allows
user-supplied images to be processed by the 'getimagesize()' function.
The 'getimagesize()' function is commonly used in PHP Web applications
that allow for the display of images.
An attacker may leverage this issue to cause the affected script
interpreter to consume excessive processing resources on an affected
computer, leading to a denial of service condition.
17. BakBone NetVault Configure.CFG Local Buffer Overflow Vulnera...
BugTraq ID: 12966
Remote: No
Date Published: Apr 01 2005
Relevant URL: http://www.securityfocus.com/bid/12966
Summary:
NetVault is reported prone to a local buffer overflow vulnerability.
It is reported that a local attacker can exploit this vulnerability by
supplying excessive data through a variable in the 'configure.cfg'
file.
A successful attack can allow local attackers to execute arbitrary code
on a vulnerable computer to gain elevated privileges.
This issue has been confirmed in NetVault 7 packages running on Windows
platforms. Other versions of NetVault running on different platforms
may be affected as well.
18. BakBone NetVault Remote Heap Overflow Vulnerability
BugTraq ID: 12967
Remote: Yes
Date Published: Apr 01 2005
Relevant URL: http://www.securityfocus.com/bid/12967
Summary:
NetVault is reported prone to a remote heap overflow vulnerability.
A successful attack can allow remote attackers to execute arbitrary
code on a vulnerable computer to gain unauthorized access.
This issue has been confirmed in NetVault 7 packages running on Windows
platforms. Other versions of NetVault running on different platforms
may be affected as well.
19. Linux Kernel TmpFS Driver Local Denial Of Service Vulnerabil...
BugTraq ID: 12970
Remote: No
Date Published: Apr 01 2005
Relevant URL: http://www.securityfocus.com/bid/12970
Summary:
The Linux kernel is reported prone to a local denial of service
vulnerability. The issue is reported to exist in the Linux kernel tmpfs
driver, and is due to a lack of sanitization performed on the address
argument of 'shm_nopage()'.
III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. vsftp question (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/394897
2. Linux and DB2 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/394891
3. Apache+PHP+ftp security (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/394746
4. Re[2]: Apache+PHP+ftp security (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/394581
5. OpenVPN? (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/394497
IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. CoreGuard Core Security System
By: Vormetric
Platforms: AIX, Linux, Solaris, Windows 2000, Windows XP
Relevant URL: http://www.vormetric.com/products/#overview
Summary:
CoreGuard System profile
The CoreGuard System is the industry's first solution that enforces
acceptable use policy for sensitive digital information assets and
protects personal data privacy across an enterprise IT environment.
CoreGuard's innovative architecture and completeness of technology
provide a comprehensive, extensible solution that tightly integrates all
the elements required to protect information across a widespread,
heterogeneous enterprise network, while enforcing separation of duties
between security and IT administration. At the same time, CoreGuard is
transparent to users, applications and storage infrastructures for ease
of deployment and system management.
CoreGuard enables customers to:
* Protect customer personal data privacy and digital information assets
* Protect data at rest from unauthorized viewing by external attackers
and unauthorized insiders
* Enforce segregation of duties between IT administrators and security
administration
* Ensure host & application integrity
* Block malicious code, including zero-day exploits
2. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS,
Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL:
http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:
EnCase Forensic Edition Version 4 delivers the most advanced features
for computer forensics and investigations. With an intuitive GUI and
superior performance, EnCase Version 4 provides investigators with the
tools to conduct large-scale and complex investigations with accuracy and
efficiency. Guidance Software's award winning solution yields
completely non-invasive computer forensic investigations while allowing
examiners to easily manage large volumes of computer evidence and view all
relevant files, including "deleted" files, file slack and unallocated
space.
The integrated functionality of EnCase allows the examiner to perform
all functions of the computer forensic investigation process. EnCase's
EnScript, a powerful macro-programming language and API included within
EnCase, allows investigators to build customized and reusable forensic
scripts.
3. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000,
Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:
KeyGhost SX discreetly captures and records all keystrokes typed,
including chat conversations, email, word processor, or even activity within
an accounting or specialist system. It is completely undetectable by
software scanners and provides you with one of the most powerful stealth
surveillance applications offered anywhere.
Because KeyGhost uses STRONG 128-Bit encryption to store the recorded
data in its own internal memory (not on the hard drive), it is
impossible for a network intruder to gain access to any sensitive data stored
within the device.
4. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:
Evidian's SafeKit technology makes it possible to render any
application available 24 hours per day, with no extra hardware: just use
your existing servers and install this software-only solution.
This provides ultimate scalability. As your needs grow, all you need to
do is add more standard servers into the cluster. With the load
balancing features of SafeKit, you can distribute applications over multiple
servers. If one system fails completely, the others will continue to
serve your users.
5. Astaro Linux Firewall
By: Astaro
Platforms: Linux
Relevant URL: http://www.astaro.com/php/statics.php?action=asl&lang=gb
Summary:
Astaro Linux Firewall: All-in-one firewall, virus protection, content
filtering and spam protection internet security software package for
Linux.
Free download for home users.
6. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris,
UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:
Low cost, easy to use Two Factor Authentication One Time Password token
using the cellular phone. Does not use SMS or other communication, manages
multiple OTP accounts - new technology. For any business that wants safer
access to its Internet Services. More information at our site.
We also provide an eAuthentication service for businesses that will not
buy an Authentication product but would prefer to pay a monthly charge
for authentication services from our CAT Server.
V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. File System Saint 1.02a
By: Joshua Fritsch
Relevant URL: http://www.unixgeeks.org/saint
Platforms: Linux, UNIX
Summary:
A fast, flexible, lightweight perl-based host IDS.
2. Umbrella v0.5
By: Umbrella
Relevant URL: http://umbrella.sf.net/
Platforms: Linux
Summary:
A combination of process-based access control (PBAC) and authentication
of binaries (like DigSig). In addition, the binaries have the security
policy included within the binary, so when a binary is executed, the policy
is applied to the corresponding process. Umbrella provides developers
with a "restricted fork" which enables them to further restrict a
sub-process from, e.g., accessing the network.
3. Travesty 1.0
By: Robert Wesley McGrew
Relevant URL: http://cse.msstate.edu/~rwm8/travesty/
Platforms: Linux
Summary:
Travesty is an interactive program for managing the hardware addresses
(MAC) of ethernet devices on your computer. It supports manually
changing the MAC, generating random addresses, and applying different vendor
prefixes to the current address.
It also allows the user to import their own lists of hardware
addresses and descriptions that can be navigated from within the Travesty
interface. Travesty is written in Python, and is very simple to add
functionality to, or modify.
4. OCS 0.1
By: OverIP
Relevant URL: http://hacklab.altervista.org/download/OCS.c
Platforms: Linux
Summary:
This is a very reliable and fast mass scanner for Cisco routers with
default telnet/enable passwords.
5. KSB - Kernel Socks Bouncer 2.6.10
By: Paolo Ardoino
Relevant URL: http://ardoino.altervista.org/kernel.php
Platforms: Linux
Summary:
KSB26 [Kernel Socks Bouncer] is a Linux Kernel 2.6.x patch that redirects
full TCP connections [SSH, telnet, ...] to go through socks5. KSB26
uses a character device to pass socks5 and target IPs to the Linux
Kernel. I have chosen to write it in kernel space to enjoy myself [I know
that there are easier and safer ways to write this in userspace].
6. DigSig 1.3.2
By:
Relevant URL: http://sourceforge.net/projects/disec/
Platforms: Linux
Summary:
The DigSig Linux kernel module checks the signature of a binary before
running it. It inserts digital signatures inside the ELF binary and
verifies this signature before loading the binary. Therefore, it improves
the security of the system by preventing a wide range of malicious
binaries like viruses, worms, Trojan programs and backdoors from running on
the system.
VII. SPONSOR INFORMATION
-----------------------
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!
http://www.securityfocus.com/sponsor/Symantec_sf-news_041130
------------------------------------------------------------------------